author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-06-07 09:56:49 +0200 |
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-06-12 09:31:03 +0200 |
commit | 70ebf53b9e19596660b27c3522e8596a31fab4b7 (patch) | |
tree | c3a0e702562367f3470c5069f782b9fd2f0fe47b | |
parent | 119fffef64aa1c43f082dbe3ffbfdf47b257dd4a (diff) | |
download | gnutls-70ebf53b9e19596660b27c3522e8596a31fab4b7.tar.gz |
cbc_mac_verify: require minimum padding under SSL3.0
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/cipher-cbc.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/cipher-cbc.c b/lib/cipher-cbc.c
index 133595b78a..22b9390596 100644
--- a/lib/cipher-cbc.c
+++ b/lib/cipher-cbc.c
@@ -84,6 +84,7 @@ int cbc_mac_verify(gnutls_session_t session, record_parameters_st *params,
 const uint8_t *tag_ptr = NULL;
 unsigned preamble_size;
 uint8_t tag[MAX_HASH_SIZE];
+ unsigned blocksize = _gnutls_cipher_get_block_size(params->cipher);
 pad = data[data_size - 1]; /* pad */
@@ -92,14 +93,19 @@ int cbc_mac_verify(gnutls_session_t session, record_parameters_st *params,
 * because there is a timing channel in that memory access (in certain CPUs). */
 #ifdef ENABLE_SSL3
- if (ver->id != GNUTLS_SSL3)
+ if (ver->id == GNUTLS_SSL3) {
+ if (pad >= blocksize)
+ pad_failed = 1;
+ } else
 #endif
+ {
 for (i = 2; i <= MIN(256, data_size); i++) {
 tmp_pad_failed |= (data[data_size - i] != pad);
 pad_failed |= ((i <= (1 + pad)) & (tmp_pad_failed));
 }
+ }
 if (unlikely (pad_failed != 0 |
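Review bot: `blocksize` is declared and initialised unconditionally in the first hunk, but its only use is inside the `#ifdef ENABLE_SSL3` branch of the second hunk, so a build configured without SSL 3.0 support will likely get an unused-variable warning on this line; wrapping the declaration in the same `#ifdef ENABLE_SSL3` / `#endif` keeps the two hunks consistent. The line would also benefit from a comment saying what the value is for, e.g. `/* SSL 3.0 defines no pad contents; only pad < blocksize can be checked */`. In the second hunk, `if (pad >= blocksize) pad_failed = 1;` branches on the peer-supplied pad byte, whereas the TLS path below deliberately accumulates into `pad_failed` with bitwise operations; `pad_failed |= (pad >= blocksize);` would keep both paths in the same branch-free style. The signature of cbc_mac_verify and the declarations of `pad` and `pad_failed` lie outside both hunks, and the second hunk is cut off before its end.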